Don't cache error responses (status >= 400)

Antonio Terceiro
1 parent 3c206e7b
Showing 3 changed files with 26 additions and 1 deletions Show diff stats
app/controllers/public/profile_controller.rb
test/integration/http_caching_test.rb
vendor/plugins/noosfero_caching/init.rb
@@ -18,6 +18,7 @@ class ProfileController &lt; PublicController
     @tags = profile.article_tags
     unless profile.display_info_to?(user)
       profile.visible? ? private_profile : invisible_profile
+      render :action => 'index', :status => 403
     end
   end
  
@@ -74,6 +74,23 @@ class HttpCachingTest &lt; ActionController::IntegrationTest
     assert_no_cache
   end
  
+  test 'private community profile should not return cache headers' do
+    create_private_community('the-community')
+
+    get "/profile/the-community"
+    assert_response 403
+    assert_no_cache
+  end
+
+  test 'private community content should not return cache headers' do
+    community = create_private_community('the-community')
+    create(Article, profile_id: community.id, name: 'Test page')
+
+    get "/the-community/test-page"
+    assert_response 403
+    assert_no_cache
+  end
+
   protected
  
   def set_env_config(data)
@@ -84,6 +101,13 @@ class HttpCachingTest &lt; ActionController::IntegrationTest
     env.save!
   end
  
+  def create_private_community(identifier)
+    community = fast_create(Community, identifier: identifier)
+    community.public_profile = false
+    community.save!
+    community
+  end
+
   def assert_no_cache
     assert(cache_parts == ['max-age=0', 'must-revalidate', 'private'] || cache_parts == ['no-cache'], "should not set cache headers (found #{cache_parts.inspect})")
   end
@@ -21,7 +21,7 @@ module NoosferoHttpCaching
         end
       end
     end
-    if n
+    if n && response.status < 400
       expires_in n.minutes, :private => false, :public => true
     end
   end
...	...	@@ -18,6 +18,7 @@ class ProfileController < PublicController
18	18	@tags = profile.article_tags
19	19	unless profile.display_info_to?(user)
20	20	profile.visible? ? private_profile : invisible_profile
	21	+ render :action => 'index', :status => 403
21	22	end
22	23	end
23	24
...	...
...	...	@@ -74,6 +74,23 @@ class HttpCachingTest < ActionController::IntegrationTest
74	74	assert_no_cache
75	75	end
76	76
	77	+ test 'private community profile should not return cache headers' do
	78	+ create_private_community('the-community')
	79	+
	80	+ get "/profile/the-community"
	81	+ assert_response 403
	82	+ assert_no_cache
	83	+ end
	84	+
	85	+ test 'private community content should not return cache headers' do
	86	+ community = create_private_community('the-community')
	87	+ create(Article, profile_id: community.id, name: 'Test page')
	88	+
	89	+ get "/the-community/test-page"
	90	+ assert_response 403
	91	+ assert_no_cache
	92	+ end
	93	+
77	94	protected
78	95
79	96	def set_env_config(data)
...	...	@@ -84,6 +101,13 @@ class HttpCachingTest < ActionController::IntegrationTest
84	101	env.save!
85	102	end
86	103
	104	+ def create_private_community(identifier)
	105	+ community = fast_create(Community, identifier: identifier)
	106	+ community.public_profile = false
	107	+ community.save!
	108	+ community
	109	+ end
	110	+
87	111	def assert_no_cache
88	112	assert(cache_parts == ['max-age=0', 'must-revalidate', 'private'] \|\| cache_parts == ['no-cache'], "should not set cache headers (found #{cache_parts.inspect})")
89	113	end
...	...
...	...	@@ -21,7 +21,7 @@ module NoosferoHttpCaching
21	21	end
22	22	end
23	23	end
24		- if n
	24	+ if n && response.status < 400
25	25	expires_in n.minutes, :private => false, :public => true
26	26	end
27	27	end
...	...